Microsoft Makes Windows Recall Opt-In Following Security Researchers’ Concerns

• The Recall AI feature used to be enabled by default, but Microsoft has now made it opt-in, with Windows Hello enrollment required to use it.
• Security researchers have raised concerns about Microsoft’s Recall AI feature that collects data and stores it locally.
• Even before being rolled out, white hat hackers have created a simple tool to breach it.

A new Recall update gives users a much clearer choice to opt-in to saving snapshots using this feature, Microsoft announced, which collects screenshots using artificial intelligence and stores these interactions in a local database. This AI feature of Recall will now be disabled by default. 

Users will only be able to toggle on the Recall feature on their PCs via Windows Hello. Proof of presence is also required to search and view Recall user timelines, as the search index database will be encrypted.

This decision comes following recent security concerns, with an ethical hacker already creating a tool that can easily extract sensitive data from Recall, naming it TotalRecall. This tool relied on the fact that Recall stores everything locally in an unencrypted SQLite database.

Windows Recall is a key element of Microsoft’s new Copilot Plus PCs. It uses an AI feature to capture data from all permitted applications via screenshots taken every five seconds, being able to function without an Internet connection and even when you're not logged in to your Microsoft account.

Now, adding ‘just in time’ decryption via Windows Hello Enhanced Sign-in Security (ESS) means “the Recall database content will only be decrypted and accessible when the user authenticates,” as per the official announcement.

For people who are enrolled in Windows Hello and want to use the Recall AI feature, it can be enabled from Windows’ settings, then ‘Privacy & Security,’ and then ‘Recall & Snapshots,’ where a toggle button is available. This is also where users can delete any collected data.